Fix conky hiding

I have installed and got some conky script but after system starting its hiding automatically and the only way I can see it while shutting down.

So I have googled and got some solution which can fix my problem.

Open your conkyrc file which is a hidden file  in home directory with

$ vim  .conkyrc

or

$ vim ~/.conkyrc

Find the area of below lines and make the configuration as I have mentioned.

own_window yes
own_window_class Conky
own_window_type normal
own_window_hints undecorated,below,sticky,skip_taskbar,skip_pager 
own_window_transparent yes

Then save and exit from your conkyrc file.

Then in we have to reload the conky with updated configuration , so all you have to do is kill the conky and then start it again.

so In your terminal as root user do as

# killall conky & conky

or

$ su -c " killall conky & conky"

 
I hope that will help you.

See Open Ports in a Linux PC ( Localhost/Remote Machine)

I am writing a small post that will help you just to see what ports are open in  a particular remote/local machine.

we are going to use tool name as nc.

To install it , open your terminal and type as

 # yum install nc

                              After installing , you can use it with

nc -zv xxx.xxx.xxx.xxx <Port>

                                           for example:

nc -zv 192.168.1.100 80

                                          if you want to do that for 2-3 ports

nc -zv 192.168.1.100 80 8009

                                            if you want to do scanning for range of ports

nc -zv 192,168.1.100 80-8080

hope it will help you.

THANK YOU

Tutorial on .htpasswd and .htaccess with apache(httpd) in Linux

If there is a situation that have to dealt with like a public website but with some secret information.
How can we protect the information ? .

We can use .htpasswd and .htaccess in that time.

How  ? Lets see................

Open your terminal and type as

                        vim /etc/httpd/conf/httpd.conf

and find line no : 334 to 338. This is the area of httpd.conf that dealt with .htaccess

    334 # AllowOverride controls what directives may be placed in .htaccess files.
    335 # It can be "All", "None", or any combination of the keywords:
    336 #   Options FileInfo AuthConfig Limit
    337 #
    338     AllowOverride AuthConfig
 

Now look at line no 338 , before modifying it will look like

                     AllowOverride None

You have to modify it to

                     AllowOverride AuthConfig

Now make sure that if you have some website and VirtualHost configuration of that website is successfully completed.

Fixing SELECT command denied to user 'user'@'x' for table proc

Open your hibernate.cfg file  and append this below string to your connection string.

                                Use Procedure Bodies=false;

How To do Software RAID using mdadm in CentOS

Today I am writing about how to create Software RAID. Creating Software RAID is pretty easy. All we need either 3 equal size partitions on different harddisks or 3 equal size harddisks.

        In my approach , I am doing this in VmWare by choosing 3 virtual harddisks with equal 1 GB             Size. Our first step is we need to make those harddisks as ready for RAID.

        In your terminal type as

          # fdisk -l
       To see available partitions and then try to create RAID partitions in that.

        If We assume my 3 harddisks as /dev/sdb,/dev/sdc,/dev/sdd then in your terminal

          # fdisk /dev/sdb

        Then
       
         [root@ns1 sysadmin]# fdisk /dev/sdb

WARNING: DOS-compatible mode is deprecated. It's strongly recommended to
         switch off the mode (command 'c') and change display units to
         sectors (command 'u').
Command (m for help): m
Command action
   a   toggle a bootable flag
   b   edit bsd disklabel
   c   toggle the dos compatibility flag
   d   delete a partition
   l   list known partition types
   m   print this menu
   n   add a new partition
   o   create a new empty DOS partition table
   p   print the partition table
   q   quit without saving changes
   s   create a new empty Sun disklabel
   t   change a partition's system id
   u   change display/entry units
   v   verify the partition table
   w   write table to disk and exit
   x   extra functionality (experts only)
Command (m for help): n

          I am selecting new partition here as primary with default size ,( all my 3 VHDS having same size)

Command action
   e   extended
   p   primary partition (1-4)
p
Partition number (1-4): 1
First cylinder (1-130, default 1): 
Using default value 1
Last cylinder, +cylinders or +size{K,M,G} (1-130, default 130): 
Using default value 130

Now we have to change Partition type to RAID , so

Command (m for help): t
Selected partition 1
Hex code (type L to list codes):  fd ( fd for auto RAID)

Now just verify

Command (m for help): p
Disk /dev/sdb: 1073 MB, 1073741824 bytes
255 heads, 63 sectors/track, 130 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x8a6b2eca
   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1               1         130     1044193+  fd  Linux raid autodetect

All good , we can commit our changes.

Command (m for help): w
The partition table has been altered!
Calling ioctl() to re-read partition table.
Syncing disks.

Same as above do the same for /dev/sdc and /dev/sdd and then finally it will be like

[root@ns1 sysadmin]# fdisk -l
Disk /dev/sda: 21.5 GB, 21474836480 bytes
255 heads, 63 sectors/track, 2610 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00092c9c
   Device Boot      Start         End      Blocks   Id  System
/dev/sda1   *           1          64      512000   83  Linux
Partition 1 does not end on cylinder boundary.
/dev/sda2              64        2611    20458496   8e  Linux LVM
Disk /dev/sdb: 1073 MB, 1073741824 bytes
255 heads, 63 sectors/track, 130 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x8a6b2eca
   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1               1         130     1044193+  fd  Linux raid autodetect
Disk /dev/sdc: 1073 MB, 1073741824 bytes
255 heads, 63 sectors/track, 130 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x6429c3f4
   Device Boot      Start         End      Blocks   Id  System
/dev/sdc1               1         130     1044193+  fd  Linux raid autodetect
Disk /dev/sdd: 1073 MB, 1073741824 bytes
255 heads, 63 sectors/track, 130 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0xe883f58a
   Device Boot      Start         End      Blocks   Id  System
/dev/sdd1               1         130     1044193+  fd  Linux raid autodetect
Disk /dev/mapper/VolGroup-lv_root: 18.9 GB, 18865979392 bytes
255 heads, 63 sectors/track, 2293 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000

Disk /dev/mapper/VolGroup-lv_swap: 2080 MB, 2080374784 bytes
255 heads, 63 sectors/track, 252 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000

Now we have to create RAID, Here I am choosing RAID 5 which needs minimum 3 RAID Harddisks

[root@ns1 sysadmin]# mdadm --create /dev/md0 --level=5 --raid-devices=3 /dev/sdb1 /dev/sdc1 /dev/sdd1
mdadm: Defaulting to version 1.2 metadata
mdadm: array /dev/md0 started.

RAID 5 Created. --level indicates RAID level and after number and name of the devices.

To see your RAID Information execute this command

[root@ns1 sysadmin]# mdadm --detail /dev/md0
/dev/md0:
        Version : 1.2
  Creation Time : Tue Nov 11 00:05:20 2014
     Raid Level : raid5
     Array Size : 2086912 (2038.34 MiB 2137.00 MB)
  Used Dev Size : 1043456 (1019.17 MiB 1068.50 MB)
   Raid Devices : 3
  Total Devices : 3
    Persistence : Superblock is persistent
    Update Time : Tue Nov 11 00:05:26 2014
          State : clean
 Active Devices : 3
Working Devices : 3
 Failed Devices : 0
  Spare Devices : 0
         Layout : left-symmetric
     Chunk Size : 512K
           Name : ns1.example.com:0  (local to host ns1.example.com)
           UUID : af2998ef:acc6cb1e:feb832f1:7f9b2f1b
         Events : 18
    Number   Major   Minor   RaidDevice State
       0       8       17        0      active sync   /dev/sdb1
       1       8       33        1      active sync   /dev/sdc1
       3       8       49        2      active sync   /dev/sdd1

Then we have to save our RAID Configuration.

In CentOS configuration file : /etc/mdadm.conf
In Debain baed /etc/mdadm/mdadm.conf

So save the configuration with

[root@ns1 sysadmin]# mdadm --detail --scan
ARRAY /dev/md0 metadata=1.2 name=ns1.example.com:0 UUID=af2998ef:acc6cb1e:feb832f1:7f9b2f1b
[root@ns1 sysadmin]# mdadm --detail --scan > /etc/mdadm.conf
[root@ns1 sysadmin]# 

if you want to see stats of your RAID

[root@ns1 sysadmin]# cat /proc/mdstat
Personalities : [raid6] [raid5] [raid4] 
md0 : active raid5 sdd1[3] sdc1[1] sdb1[0]
      2086912 blocks super 1.2 level 5, 512k chunk, algorithm 2 [3/3] [UUU]

To set any RAID Disk as failed/faulty

# mdadm --fail /dev/md0 /dev/sdb1

To Remove any Disk from RAID

# mdamd --remove /dev/md0 /dev/sdb1

To add new disk

# mdadm --add /dev/md0 /dev/sdb1

If harddisk/partition has taken from another RAID , to flush all data in it before using into a new RAID

# mdadm --zero-superblock  /dev/sda1

Stop a Running RAID

# mdadm --stop /dev/md0

and to start

# mdadm --run /dev/md0 

Its supposed to run but with research i have done it wont run/start.

To start it we have to do like assembling again

# mdadm --assemble /dev/md0 /dev/sda1 /dev/sdb1 /dev/sdc1 

If you UUID of /dev/md0 it will be more easier and perfect.

# mdadm --assemble --scan --uuid=af2998ef:acc6cb1e:feb832f1:7f9b2f1b


Source:

http://www.devil-linux.org/documentation/1.0.x/ch01s05.html
https://raid.wiki.kernel.org/index.php/RAID_setup

VSFTPD - Passive mode port configuration

If your FTP got configured in Passive mode then to allow data transfers , you must to this.


##########/etc/vsftpd/vsftpd.conf################3

pasv_min_port=49152
pasv_max_port=65534

#############/etc/sysconfig/iptables-config##############

IPTABLES_MODULES="ip_conntrack_ftp"

Virtual Hosts in Apache -Linux

############################
Listen 192.168.56.150:80
Listen 192.168.56.151:81
############################

So above two lines are stands for IP based virtual hosting and as well as Port based Virtual Host.

The virtual Host which listens to the 1st IP will browse throughh port 80 but other will listens and browse through port 81 only.

Now We have to configure Virtual Hosts

#########################################
<VirtulHost 192.168.56.150:80>
    ServerAdmin root@localhost
    DocumentRoot /var/www/website1.com
    ServerName website1.com
    ServerAlias www.website1.com
    ErrorLog logs/www.website1.com_error.log
    CustomLog logs/www.website1.com_custom.log
</VirtualHost>
###########################################

###########################################
<VirtualHost 192.168.56.151:81>
    ServerAdmin root@localhost
    DocumentRoot /var/www/website2.com
    ServerName website2.com
    ServerAlias www.website2.com
    ErrorLog log/website2.com_error.log
    CustomLog log/webiste2.com_custom.log
############################################


Note: If you dont have your DNS Server then you can make some entries like below in your /etc/hosts file
########################
# vi /etc/hosts

192.168.56.150 website1.com
192.168.56.150 www.website1.com
192.168.56.151 website2.com
192.168.56.151 www.website2.com

###############################

So Name resolution can be done.


While I am doing

##############################

# service httpd restart

##############################

I am getting error like
###########
Starting httpd: [Wed Nov 19 01:17:25 2014] [warn] VirtualHost website1.com:80 overlaps with VirtualHost userinfo.com:80, the first has precedence, perhaps you need a NameVirtualHost directive

###########

Its because I am doing name based virtual hosting with one common IP, So we have to add that IP for name based virtualhosting with a line in /etc/httpd/conf/httpd.conf

######################

NameVirtualHost XXX.XXX.XXX.XXX:PORT

######################

Then save and restart with

######################

# service httpd restart

######################

and I am sure it will be fine.

Rename Database in MySQL

Today I am writing about how to rename MySQL Database.

So If you want to rename a database in MySQL dont forget taking backup of your Views,Procedures and Functions of current database. Because while you renaming changes wont apply for Views,Procedures and functions.

After you have taken the backup , We can go for renaming with the command below.

RENAME TABLE old_db.table TO new_db.table;

Here old_db is your old database name and new_db is your new database name. You have to execute this command for each table. And this is the way.

But what if we have a big database with 1000 tables ? executing the same above command for 1000 times is a stupid idea.

If you are using Linux you can use following BASH script to do that for you

for table in $(mysql -p -s -N -e "show tables from db1"); do mysql -s -N -e "rename table db1.$table to db2.$table"; done;

db1 is your old database name and db2 is your new database name and remaining everything will tool care by script only except giving password.:P

After executing the command successfully without any errors , you must have to restore that backup of Views,Proc's and Functions.

Errors: I have got one error with triggering. Generally some tables have triggers. So you copy the code of triggers and then delete those triggers. Then try to rename the table again.

After it got successful , just recreate the triggers for the same tables in new database.

I have done this trigger creation in MYSQL Workbench.

If you want to backup only Functions and not data of database then you can use this command

mysqldump --routines --no-create-info --no-data --no-create-db --skip-opt  <database> > outputfile.sql

Here : 

--routines                 =       for including routines ( views,functions,procedures)

--no-create-info       =       Do not write CREATE TABLE statements that re-create each dumped

                              table.

--no-data                  =        Do not write any row information for the table. This is very useful

                        if you want to get a dump of only the structure for a table.

 --no-create-db         =        This option suppresses the CREATE DATABASE /*!32312 IF NOT EXISTS*/

                        db_name statements that are otherwise included in the output if the
                        --databases or --all-databases option is given.

--skip-out        = --opt

                    This option is shorthand; it is the same as specifying
                    --add-drop-table --add-locks --create-options --disable-keys
                    --extended-insert --lock-tables --quick --set-charset. It should
                    give you a fast dump operation and produce a dump file that can be
                    reloaded into a MySQL server quickly.  As of MySQL 4.1, --opt is on
                    by default, but can be disabled with --skip-opt. To disable only
                    certain of the options enabled by --opt, use their --skip forms; for
                    example, --skip-add-drop-table or --skip-quick.

Famous SELinux Contexts

1. httpd SELinux context

                                        chcon -v --type=httpd_sys_content_t /path/to/dir

2.httpd SELinux context

                   chcon -Rv --type=httpd_sys_content_t /path/to/dir

3. Restore old/default context

                   restorecon -Rv -n /var/www/html


                    ;  -n switch to prevent any relabelling occurring.
4. Changing default port for services permitted SELinux

                                     #  semanage port -l
                    # semanage port -a -t http_port_t -p tcp 81
5. For Nagios

chcon -R -t httpd_sys_content_t /usr/local/nagios

        

  1st command to see what are the supported services. 2nd one changing default port for http service.



Note: Give me time to write them with proper explanation. 

More: http://wiki.centos.org/TipsAndTricks/SelinuxBooleans

Use Wget for downloading from FTP with username and Password

Hi , We all know we can use wget to download files from command-line.

Downloading files from FTP can be done but for with username and password you have to scroll manpage a lot.


wget --user <username> --password <password> ftp://xxx.xxx.xxx.xxx/dir/file/download


to resume

wget -c --user <username> --password <password> ftp://xxx.xxx.xxx.xxx/dir/file/download

Automation with Cron

In every linux cron service we found and it is most familiar command to every system administrator. I am proud to be one of them.

CRON - Introduction :

The cron is a daemon and we can manage it with service names crond. Cron is the best solution in all sort of Linux Operating systems to run scritps,commands at a determined or specified time. So as I did mentioned it is a service it will start with system and do its running as long as system running.

Generally cron will executes commands or scripts in "sh" shell (/bin/sh) . If you want to run your script in a different shell dont forget mentioning it before executing the command.

Cron Configuration file will be called as cron table and we can invoke it with command named as "crontab". Every user in linux have his/her own crontab and all users cron configurations will store at /var/spool/cron. All the cron jobs will be recorded at location /var/cron/log or /var/adm/cron/log.

CRON - Format :

Minute     Hour      DayofMonth      Month      Weekday     Command

Minute           Minute of the Hour         0 to 59
Hour               Hour Of the day             0 to 23
DOM              Day of month                 1 to 31
Month             Month of the yead          1 to 12
Weekday         Day of the week             0 to 6( 0 = Sunday)

In Cron scheduling if specific value not mentioned then automatically it will consider it for everytime. Unspecified part will have value as '*'. If particular field got particular value then it will executes at that time.Two integers separated by a dash mention like range. Range followed by a step value is nothing but period.Comma separated for all possibilities.

For Example:

1.        45 10 * * 1-5 echo " hi " > /dev/console

So 45 is Minute ,10 Hour, * for all & again * ,1-5 Range for weekday.

i.e Every Monday to Friday at time of 10:45 say "hi" and send to /dev/console.

2.         0,30 * 13 * 5 echo " hi "

So 0,30 i.e at every 0 min ( starting sec of a min) and after 30 Min , * for hour i.e for all hours ,13th of month and * for every month and 5 of the week  i.e Friday.

So the above time saying like

Everymonth 13th and everymonth Friday at every half -n-hour execute echo "hi" command.

3.    20 1 * * * find /tmp -atime +3 -type f -exec rm -f { } ';'

20 for minute
1 for Hour

* for day of month means all days of month ( 1-30)
* for month means all month (1-12)
* for weekday means for all days of a week ( 0-6)

So Everyday,Everyweek, Every month at time of 1:20 execute that script or command. and command simple finding unused file in /tmp for 3 days and removing it.

4.  10 10 1-30/2  * * echo " Hi"

command will execute at 10  hr :10  hr everymonth & everyweek but every odd date only.

NOTE: Cron have a small problem , that it wont load .profile or bashrc while executing commands , so if your script is have anything to do with environment variable you must have to mention it with in script.


CRON - Management :

crontab -e : To edit crontab
crontab -l : To list cron jobs
crontab -r : Remove all cron jobs

As I did mentioned every user have his own cron configuration file , root user can manage other user cron jobs with above commands. for example

crontab -e raja : edits raja crontab
crontab -l raja : list cron jobs of raja
crontab -r raja : removes cron jobs of raja


System administrators have a choice like which user allowed to do cron jobs and which are not.

If username exists in cron.deny then he wont be allowed for cron automation and if he does in cron.allow. In Linux by default all are allowed , so you can use cron.deny to block particular user for cron. But HP Linux only root user allowed by default and everyuser must be in cron.allow if we have ti allow cron and same for cron.deny to block.

Location : /etc


CRON - MORE :

Almost all Linux's have cron pre installed and have some crontab entries too which are pre installed.

/etc/cron.daily - all scripts in /etc/cron.daily  will execute scripts once a day.
/etc/cron.weekly - here scripts will run once per a week.


I hope it will help you to understand a little bit about cron. If you know advanced than this please let me know.

Help Helps You.

Raja

How to remove Shutdown,restart options from startmenu in windows server 2008.

1. Open run
2.Type gpedit.msc
3.choose User Configuration -> Administrative Templates -> Start menu & Task Bar

Choose Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands

and open it and select enabled.

Then

see whether it is updated or not. If its not updated then open run and type as

gpupdate /force

and now shutdown,restart removed from start menu.

Basic MySQL Administration

1. How to create a user and along with his privileges automatically ?

GRANT ALL PRIVILEGES ON database.* To 'username'@'hosr or IP ' IDENTIFIED BY 'password';

flush privileges;

2. How to give only specific privileges to users ?

GRANT select,lock tables ON *.* To 'user'@'host or IP ' IDENTIFIED BY 'password';

flush privileges;

3. How to see permissions of a user ?

show grants for 'username'@'hostanme';

4. How to revoke all given privileges ?

revoke all privileges on *.* from 'user'@'host';

5. How to take backup of database ?

mysqldump --user <username> --password=<password> databasename > databasebackup.sql

6. How to take backup of two databases ?

mysqldump --user <username> --password=<password> databasename1 databasename2 > databasebackup.sql

7. How to take backup of all databases in MySQL ?

mysqldump --user <username> --password=<password> -all-databases > alldbbackup.sql

8. How to take backup of table in database ?

mysqldump --user <username> --password=<password> database_name database_table \  >  databasebackup.sql 

9. How to restore one database ?

mysql --user <username> --password=<password> databasename < databasebackup.sql
mysql_upgrade -p -u root --force

Reset root password in CentOS 6

In CentOS base version , I mean v6 there is a bug and you cant reset the password in the usual way. I am going to mention both the ways.

To reset root password of CentOS machine, Start your PC. You will get GRUB screen and there choose " e" to edit booting kernel. After that It will open in a new window with current configuration.

If you observe there you can find a line with two last words like  " rhgb quiet \" Dont worry about "\" , use backspace and remove " rghb quiet". Then add in that line as " a 1 " and then press F10 key to boot. it will successfully boot into /bin/sh and there by using passwd command you can reset the root  password of the server.

If its not working .

1 . SELinux may be causing the problem , to take care of it you have to restart Machine and again edit GRUB , but this time we have to one more parameter extra.

Now add parameters like " a selinux=0 1 " , So CentOS will boot into /bin/sh with permissive mode of selinux.

2. Authentication Token manipulation error

Simple , the root partition has mounted as read-only so you are unable to write( password update -new password writing ) anything to root directory. so you have to remount it with read-write access & of course you are a root user .

mount -o remount, rw /

So after that try again with passwd command to reset the password.

Hope it helps.

CentOS 7 not detecting Windows

Install ntfs-3g package and you should be able to mount your Windows OS installed partition then after mounting it run command as

grub2-mkconfig -o /boot/grub2/grub.cfg

There you will see Windows getting detected in updated grub configuration.

Hope it helps.

CentOS 7 Repositories

EPEL for CentOS 7
## RHEL/CentOS 7 64-Bit ## # wget http://dl.fedoraproject.org/pub/epel/beta/7/x86_64/epel-release-7-0.2.noarch.rpm # rpm -ivh epel-release-7-0.2.noarch.rpm

RPMForge for CentOS 7
sudo rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt sudo yum install http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm

Remi for CentOS 7
sudo rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm sudo sed -i 's/enabled=0/enabled=1/g' /etc/yum.repos.d/remi.repo

Note: Didnt get full information about RPM Fusion , if anybody get it let me know.

Explanation of /etc/fstab

What is fstab file?

fstab is a configuration file that contains information of all the partitions and storage devices in your computer. The file is located under /etc, so the full path to this file is /etc/fstab.

/etc/fstab contains information of where your partitions and storage devices should be mounted and how. If you can't access your Windows partition from Linux, aren't able to mount your CD or write to your floppy as a normal user, or have problems with your CD-RW, you probably have a misconfigured /etc/fstab file. So, you can usually fix your mounting problems by editing your fstab file.

/etc/fstab is just a plain text file, so you can open and edit it with any text editor you're familiar with. However, note that you must have the root privileges before editing fstab. So, in order to edit the file, you must either log in as root or use the su command to become root.

Sample fstab file looks like this

Note that this system has two IDE partitions, one which is used as /, and the other used as /home. It also has two DOS partitions which are mounted under /mnt. Note the user option provided for the cdrom, and the floppy drive. This is one of the many default parameters you can specify. In this case it means that any user can mount a cdrom, or floppy disk. Other options will be dealt with later.

fstab file format explination

fstab consists of a number of lines (one for each filesystem) seperated into six fields. Each field is seperated from the next by whitespace (spaces/tabs).

So from the example given previously:

/dev/hdc /mnt/cdrom iso9660 noauto,ro,user 0 0

 first field (/dev/hdc) is the physical device/remote filesystem which is to be described.

 second field (/mnt/cdrom) specifies the mount point where the filesystem will be mounted.

 third field (iso9660) is the type of filesystem on the device from the first field.

 fourth field (noauto,ro,user) is a (default) list of options which mount should use when mounting the filesystem.

 fifth field (0) is used by dump (a backup utility) to decide if a filesystem should be backed up. If zero then dump will ignore that filesystem. The sixth field (0) is used by fsck (the filesystem check utility) to determine the order in which filesystems should be checked.

If zero then fsck won't check the filesystem.

(as the example line above is a cdrom there is very little point in doing a fsck on it, so the value is zero).

File system mount options

As the filesystems in /etc/fstab will eventually be mounted using mount(8) it isn't surprising that the options field simply contains a comma-seperated list of options which will be passed directly to mount when it tries to mount the filesystem.

The options common to all filesystems are:

sync / async

All I/O to the file system should be done (a)synchronously.

auto

The filesystem can be mounted automatically (at bootup, or when mount is passed the -a option). This is really unnecessary as this is the default action of mount -a anyway.

noauto

The filesystem will NOT be automatically mounted at startup, or when mount passed -a. You must explicitly mount the filesystem.

dev / nodev

Permit any user to mount the filesyste. This automatically implies noexec,

exec / noexec

Permit/Prevent the execution of binaries from the filesystem.

suid / nosuid

Permit/Block the operation of suid, and sgid bits.

ro

Mount read-only.

rw

Mount read-write.

user

Permit any user to mount the filesystem. This automatically implies noexec, nosuid,nodev unless overridden.

nouser

Only permit root to mount the filesystem. This is also a default setting.

defaults

Use default settings. Equivalent to rw,suid,dev,exec,auto,nouser,async.

There are numerous options for the specific filesystes supported by mount.

However these are some of the more useful, for the full list check out the man page for `mount`.

ext2

check={none, normal, strict}

Sets the fsck checking level.

debug

print debugging info on each remount.

sb=n

n is the block which should be used as the superblock for the fs.

fat

check={r[elaxed], n[ormal], s[trict]}

Not the same as ext2. Rather deals with allowed filenames. See mount man page.

conv={b[inary], t[ext], a[uto]}

Performs DOS<->UNIX text file conversions automatically. See mount man page.

uid=n, gid=n

iso9660

norock

Disables Rock Ridge extensions.

fstab file Supported file systems list

affs - I have know idea what this is, if anyone else does please enlighten me.

coherent

ext - Don't use this. ext has been superseded by ext2.

ext2 - The standard Linux filesystem. (NB, this has nothing to do with extended partitions.)

fat - DOS.

hpfs - OS/2 High Performance File System.

iso9660 - CD-ROM's. Supports Rock Ridge extensions by default.

minix - can be useful for floppy disks.

msdos - Just fat with some addtional error checking.

nfs - Network FileSystem. Dealt with later.

proc - The process psudeo-filesystem now standard in Linux.

smb - Another network filesystem. Compatable with WFW, and NT. See Samba.

ufs - Unix FileSystem.

unsdos - Unix filesystem on a FAT partition.

vfat - MS's kludge of FAT to provide long filenames.

xenix

xiafs

Install lshw in CentOS 6.X

While I am trying to use the command lshw in CentOS 6 , I just came to know that it is not installed and not available in main repo.

To install lshw in your CentOS PC .

1. Open Link :  http://pkgs.repoforge.org/lshw/?C=M;O=D
2. Copy download link of latest rpm package
3. Install with yum rather than using rpm , if you use rpm then it will fail due to missing dependencies. so better to use yum.

# wget http://pkgs.repoforge.org/lshw/lshw-2.17-1.el3.rf.i386.rpm
# yum install lshw-2.17-1.el3.rf.i386.rpm

After installing you can use it, simply type as lshw in the terminal.

lshw - simple meaning is list hardware. It will list total information about hardware in your PC or Server.

It will give very big output , so you better choose the desired output by using grep.

For example I just want VGA information :

[root@localhost ~]# lshw | grep VGA
             description: VGA compatible controller
             product: SVGA II Adapter
[root@localhost ~]#

Process Management

Hello , My new blogpost is about Process Management and I have gone all concepts of Process Management. I have written this document with help of .Doc and it consists of images. So its hard to maintain the format in blogger too. I am placing the download link , Please use that link to download. I hope it helps you. To Download my post Please click here

TCP Wrappers

The Simple thing I can tell us all about TCP Wrappes is

 " TCP Wrappers are Host-Based Networking Access Control List (ACL) System & used to filter Network access to Internet.

For all services in Linux TCP wrappers cant be applicable by default and its possible if source of the service got compiled with libwrap.

To check whether given service is compatible or not with TCP Wrappers , do as

ldd  /path/to/service | grep libwrap.so

For example lets check sshd service having support or not.

ldd /var/sbin/sshd | grep libwrap.so

Now it will print some output like its there for sshd.

Similarly you can check for any other service you want.

Wild Card Entries:

ALL ,LOCAL, UNKNOWN,KNOWN.

1. To block all hosts from accessing all services remotely

# vi /etc/hosts.deny

ALL : ALL

It will drop all the connections.

2. Allow all except one domain

ALL : @support
ALL : .tech.com EXCEPT development.tech.com

3. Placing logs for unauthorized access

ALL: .developement.com : spawn /bin/echo %a from %h attempted to access %d >> /var/log/ssh.log:deny

4. Log with High priority

sshd: .tech.com severity emerg

5.Spawn with date

In this example I am using sshd service, you can use any if you want.

sshd: 192.168.1.2 : spwan /bin/echo `/bin/date` from %h >> /var/log/ssh.log : deny 

6. twist command is also same but it will send information to client. I didnt succeeded on using this. Give me time to research on this.

SSH configuration: sshd_config file

In SSH Server , we do have two types of configuration files. They are sshd_config and ssh_config.

Here sshd_config is all about server side configuration. The behavior of SSH server written at this file.

In this article I am writing a simple article with few best practices over sshd_config.

Note: For edit that you are doing to sshd_config , you must restart sshd service. Please review my last article about ssh restart.


1. Allow login only with root and deny all other.

This is actually simple. In the terminal type as a root user as menioned below

# touch /etc/nologin

That's it. Then restart sshd service. Now try with normal user and you wont be allowed to login.

2.SSH Protocol switching.

SSH have two versions as Version-1 , Version-2
Version-1 have only feature that user based authentication.Due to this we can only know who is getting login into server but we cant see from which machine or host he is doing this and this machine may be authorized or unauthorized. Due to this its not safe to use Version 1 in real time.

Version-2 overcomes this problem with Version-1 with host-based authentication process and along with user-based authentication process.

First It will take the host Identity and then only it will allow user to login.

You can set your version of SSH with

Protocol 2

in sshd_config file at line line number 21.

3. Disabling direct root login

So first login should be normal user login and then only he can switch into a root user if he know the root password. This is one of the best practice. and to do that open sshd_config file with

# vi /etc/ssh/sshd_config

Find or write a line as

PermitRootLogin no

then save & close, then restart sshd service.

4.Allow only specific users.

Assume we have 100 users in network and you dont want them to login through ssh. You can simply allow particular users to login and deny all other.

Open your configuration file

# vi /etc/ssh/sshd_config

Then write a line as

AllowUsers user1 user2 user3

user1,user2,user3 are usernames.

save ,close. restart sshd service.

5. Deny only specific users.

Same case as above but you want only part of them to deny and allow all others.

# vi /etc/ssh/sshd_config

DenyUsers user1 user2 user3

6.Disconnect Idle ssh sessions after a timeout.

Open your sshd_config file and write the lines as below and it will disconnect the sessions after time out. In the example it is 300 Sec i.e 5 Min.

# vi /etc/ssh/sshd_config

then add

ClientAliveInterval 300

ClinetAliveCountMax 0

save,close & restart sshd service.

7.Display Banner information to all who are trying to connect.

Now make a file with information you want to display , assume I have information made at location /etc/issue. Now I can display the information of at /etc/issue to all by making as below

Open file

# vi /etc/ssh/sshd_config

then add

Banner /etc/issue

save,close and restart sshd service.

8.Port Number change

This is also one of the best security practice. Default SSH port is 22 and attackers first choice will be 22. So we have to change it to something else.

Open configuration file

# vi /etc/ssh/sshd_config

then write a line as

Port 2222

save,close. Now as per configuration file ,ssh default port is 2222 but unless we made changes in IPTables it wont work for remote connections.

# vi /etc/sysconfig/iptables

Then modify the line which have port 22 ,else remove it and add the new line as below.

-A INPUT -m state --state NEW -m tcp -p tcp --dport 2222 -j ACCEPT

then save and close the file and restart iptables with

# service iptables restart

9. Allow only particular IP

This is awesome thing , who ever the attacker he cant do anything unless he is doing from authorized machine network address.

This we can do in 3-ways and we can assume it as 3-level security arrangement.

Method-1 : IPTables , assume you want only 192.168.1.2/24 network only to access your ssh service. Then open your IPtables at server end and type as mentioned below before commit,

-A INPUT -s 192.168.1.2/24 -m state --state NEW -m tcp -p tcp --dport 2222 -j ACCEPT

then save,close and restart IPTables with

# service iptables restart

Method 2 : From sshd_config.

Edit configuration file and write as mentioned below.

# vi /etc/ssh/sshd_config

then add line as

ListenAddress 192.168.1.2/24

save,close & restart sshd service.

Method 3: TCPWrappers

If you mentioned IP in at /etc/hosts.allow then for that IP , mentioned service will be allowed and if you mention the same in /etc/hosts.deny then for that IP , mentioned service will be deny.

For example look at below case.

# vi /etc/hosts.allow

then add

sshd : 192.168.1.2/24

save ,close. No need restart. Now only the mentioned IP will be allowed for ssh access.

Now /etc/hosts.deny

# vi /etc/hosts.deny

sshd : 192.168.1.2/24

save,close. Now from this IP all ssh request will be denied.

I will write an article about TCPWrappers soon.


TCPWrappers loading order as first /etc/hosts.allow file and then /etc/hosts.deny file. So make sure about the flow and understand it.

12. Deny Empty password login.

This is not a good habit, login with empty password so do as below in your config file

# vi /etc/ssh/sshd_config

add as

PermitEmptyPasswords no

save,close and restart sshd service.


If you are having any other Information about sshd_config configuration, Please add in comments area and I will add it in main post.

Help helps you.

Install & configure SSH in CentOS 6.X

Today I am going to start writing an article about SSH installation and configuration in CentOS. SSH means Secure Shell. When ever we are doing any kind of remote transmission though telnet,It will transmit the information as clear text and anybody is in the network can see whats being transferred and username/password and other sensitive information which supposed to be very secure.So to protect remote data operations SSH invented.
For Information : http://en.wikipedia.org/wiki/Secure_Shell
--------------------- How to install SSH ----------------------
Open your terminal and type

yum install openssh-server openssh-clients

After installing it , we have to make it as autostart with system boot. to make it so execute below command
chkconfig sshd on
To start,stop,restart and to know status of service

service sshd start
service sshd stop
service sshd restart
service sshd status

-----------------------------------------------------------------
Now we have to configure SSH.
------------------------------------------------------------------
Main purpose of SSH is remote host access , so to accept remote incoming connections we must allow the port in IPTables. So add the below line IPTables

vim /etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

Then restart IPTables

service iptables restart

---------------------------------------------------------------------
GIVE ME TIME TO UPDATE IT

FTP in CentOS 6.x with vsftpd,ftp.

In this tutorial I am going to explain about how to install and configure FTP server with Vsftpd and ftp.

To install

yum install vsftpd ftp

after installing edit the configuration file with

vim /etc/vsftpd/vsftpd.conf

For basic secured FTP these are the necessary actions you should follow.

Disable Anonymous login If you want with placing

anonymous_enable=NO

or comment #anonymous_enable=YES.

If you want to restrict users to their home directory Then uncomment

chroot_local_users=YES

For most of the times we generally consider FTP users home directory as their directory. But we can add custom directory location if you want.

syntax:

useradd -d /path/path <username>

ex:

useradd -d /ftp/raja raja
passwd raja

so right now raja user we use to login into FTP and its in a custom directory.

If you want to add vsftpd service as autostart from next restart then you better add it startup list with

chkconfig --levels 235 vsftpd on

there 2,3,5 are runlevels

If you want to start FTP service i.e vsftpd then

service vsftpd start

in the same way restart ,stop,status are as follow

service vsftpd restart service vsftpd stop service vsftpd status

Sometimes we may need to store the local server log time in your log of FTP , so write this line at the end of the configuration file I have mentioned above

use_localtime=YES

Now due to security reasons no one will use default FTP port 21 as their port for service. We can change it.
Open the configuration file of vsftpd and mention at line as

listen_port=2121

or anyportyouwant

then save and close it.

after that restart vsftpd service. But you wont be able to connect . why means here you have changed default port, so automatically you have to update the same port in your IPTables.

open IPtables with

vim /etc/sysconfig/iptables

and write a line like

-A INPUT -p tcp -m state --state NEW -m tcp --dport 2121 -j ACCEPT

Then restart iptables with

service iptables restart

so It will now accepts remote FTP connections through that port.


Here you have to add Boolean to selinux to get allow from it. I have set selinux to permissive from enforcing with

setenforce 0

then check with

getenforce

Now I am going to tell you about how to share single FTP directory for multiple users.

This is pretty simple I am introducing ACL's here. Many people do in their own way and this is mine.

add user first with

useradd -d /ftp/raja raja2

then

setfacl -m u:raja2:rwx /ftp/raja

so for users Raja and Raja2 we are giving same directory for sharing.

How to login ?

If you ware using default port of FTP i.e 21 then assume like your FTP server IP as 192.168.1.1

then in terminal like

ftp 192.168.1.1

then give username and password.

make sure you have followed selinux thing before this to have proper connectivity.

If you have changed default port , the way of connecting will be different a little but , assume your new port is 4545 then you can connect with

ftp 192.168.1.1 4545

Let me give time to arrange this post with proper format.
But I am sure , It is clear enough to read and let me know If I am missing anything I will add it.

Managing repo's with YUM in CentOS,RedHat,Fedora

Today I am just writing article about how to Enable,Disable,Add repository by using YUM

Adding Repo:

yum-config-manager --add-repo repository_url

 

Enable Repo:

yum-config-manager --enable repository…

 

Disable Repo:

yum-config-manager --disable repository…

 

hope that helps you

Create Wi-Fi Hotspot in Windows

Open your cmd.exe with Administrator account and paste these command line after line

netsh wlan set hostednetwork mode=allow ssid=hotspot key=password keyUsage=persistant

netsh wlan start hostednetwork
 

Thats it , now scan your Wi-Fi for hotspot. You can use any where , you just require wireless router/modem.